dhalbert
Contributor

@dhalbert dhalbert commented Jul 23, 2025

  • Fixes "Suggestion to add SSL.com root certificate" #9, among other things.

  • No longer filter Entrust certificates, some of which were removed for security reasons. The current Mozilla list has the right set.

  • Remove DST Root CA X3 from extras.pem. It is no longer needed as a stopgap.

  • Generate roots-filtered.pem and roots-full.pem files. There is no longer an ambiguously-named roots.pem file.

  • Add Comodo AAA Certificate Service and Starfield to extras.pem, as Espressif has done. AAA was removed from the Mozilla list but because mbedtls does not support cross-signing by itself, we need it for now for github.com and maybe other sites. Starfield is still used by some sites. These may be removed later.

  • Add tools/sort_pem_certificates.py. This tool came in handy when comparing ESP-IDF's cert lists with these.

  • Update the README.

In CircuitPython, we now use the full ESP-IDF-supplied list for espressif builds. But this list is still used for raspberrypi and zephyr-cp. This list is also used in Adafruit NINA-FW 3.0.0 and later.

Because the Entrust certs were restored, the current list is probably too large for building NINA-FW 1.7.x, if you update the certificates submodule. But we are moving on from 1.7.x.
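
A sketch of the kind of bundle comparison the description mentions (sorting PEM root lists so two sets can be compared), as an added example that is not part of this PR and is not the repository's tools/sort_pem_certificates.py. It keys each certificate by the SHA-256 of its DER bytes so ordering, comments and line wrapping do not affect the result; all function names are hypothetical and the sample bundles are constructed placeholders, not real X.509 certificates.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; text between blocks (names, comments) is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)

def fingerprints(pem_text):
    """Map SHA-256 fingerprint of each certificate's DER bytes -> DER bytes (deduplicated)."""
    certs = {}
    for match in PEM_BLOCK.finditer(pem_text):
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        certs[hashlib.sha256(der).hexdigest()] = der
    return certs

def sort_bundle(pem_text):
    """Re-emit a bundle with blocks ordered by fingerprint and uniform 64-column wrapping."""
    out = []
    for _, der in sorted(fingerprints(pem_text).items()):
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    return "\n".join(out) + "\n"

def compare(ours, theirs):
    """Return (only_in_ours, only_in_theirs) as sorted fingerprint lists."""
    a, b = fingerprints(ours), fingerprints(theirs)
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

def fake_pem(payload, width):
    """Constructed sample: wraps arbitrary bytes as a PEM block (not a real certificate)."""
    b64 = base64.b64encode(payload).decode("ascii")
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed bundles: two shared "certificates" in different order and line wrapping,
# plus one entry unique to each bundle.
A, B, C, D = (bytes([n]) * 90 for n in (1, 2, 3, 4))
BUNDLE_OURS = "# Root A\n" + fake_pem(A, 64) + fake_pem(B, 64) + fake_pem(C, 64)
BUNDLE_THEIRS = fake_pem(B, 76) + "Root A\n" + fake_pem(A, 76) + fake_pem(D, 76)

if __name__ == "__main__":
    only_ours, only_theirs = compare(BUNDLE_OURS, BUNDLE_THEIRS)
    print("only in ours:", only_ours)
    print("only in theirs:", only_theirs)
```

Reviewing the two "only in" lists before regenerating a filtered bundle makes every root added or dropped from a device trust store an explicit decision.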

@dhalbert
Contributor Author

OK, extras.pem additions tested and working.

@dhalbert dhalbert marked this pull request as ready for review July 23, 2025 17:47
@dhalbert dhalbert merged commit d7c6385 into main Jul 23, 2025
@dhalbert dhalbert deleted the filtered-and-all branch July 23, 2025 17:47